xkcd: Photoshopping Fun

Copyright Showdown: Standing Up To Takedown Notices

On a chilly February day, Stephanie Lenz decided to show her family and friends what her bouncing baby boy could do. She plopped 13-month-old Holden, then learning to walk, on the floor, cranked up Prince's song "Let's Go Crazy" and whipped out the digital camera.

In the 29-second YouTube video that resulted, Holden smiles and bobs up and down to the music. According to Universal Music Publishing Group, he also helps his mom commit a federal crime: copyright infringement.

In June, Universal, which owns the rights to Prince's song, sent a notice to YouTube requesting the video be taken down but did not take action against Lenz. On the contrary, Lenz sued Universal for abusing copyright law.

"The idea that putting a little video of your kid up on YouTube can mean you have to go to court, and maybe declare bankruptcy and lose your house, is just wrong," Lenz said. "I don't like being made to feel afraid, and I don't like being bullied."

Web 2.Woe: Simple Security Flaws Going Unfixed

Web application vulnerabilities are simple to fix but they're here to stay and will likely get worse, say security analysts.

Last week, minor flaws in the Web sites of the Liberal and Labor parties, which allowed the public to create "spoof" pages of the sites, led to fears that the Web sites had been hacked.

Andrew Walls, research director of Gartner's security and privacy group, told ZDNet Australia it did not constitute a genuine hack. "The 'spoof' or prank is actually outside the control of the Web master or developer that is responsible for the Web site," he said.

Security experts refer to the vulnerabilities as cross-site scripting or XSS flaws. While they are fairly simple to fix, Walls said the examples highlight why they should be fixed. Despite the flaws not amounting to any serious threat to security -- no money was lost, no personal details were exposed -- Walls said it had a significant impact, particularly on the Liberal Party's image.

U.S. Toll in Iraq

As of Thursday, Oct. 18, 2007, at least 3,831 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 3,120 died as a result of hostile action, according to the military's numbers.

The AP count is seven higher than the Defense Department's tally, last updated Thursday at 10 a.m. EDT.

He has also recently benefited from some interesting political contributions.

Top Verizon executives, including CEO Ivan Seidenberg and President Dennis Strigl, wrote personal checks to Rockefeller totaling $23,500 in March, 2007. Prior to that apparently coordinated flurry of 29 donations, only one of those executives had ever donated to Rockefeller (at least while working for Verizon).

In fact, prior to 2007, contributions to Rockefeller from company executives at AT&T and Verizon were mostly non-existent.

To reduce cyber crime, the government may want to consider the tactics employed by the music industry against copyright scofflaws, suggests Jason Franklin, a Ph.D. student in computer science at Carnegie Mellon University.

Franklin has co-authored a paper with Adrian Perrig, associate professor at Carnegie Mellon University, Vern Paxson, associate professor at University of California, Berkeley, and Stefan Savage, assistant professor at the University of California, San Diego, which explores the underground hacker economy.

The paper [.pdf], "An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants," measures and analyzes the Internet's black market for information. It is based on 7 months of observation, from January to August 2006, during which 2.4 Gbytes of Internet Relay Chat (IRC) data was logged. IRC is one of the main communication channels of cyber criminals who participate in credit card fraud, identity theft, spamming, and phishing.

The researchers saw over 87,000 credit card numbers traded during this time; they estimate that the total wealth generated from credit card fraud over IRC exceeded $37 million.

Mukasey Says Bush Entitled to Ignore Federal Surveillance Law

Attorney general nominee Michael B. Mukasey suggested today that the president could ignore federal surveillance law if it infringes on his constitutional authority as commander in chief.

Under sharp questioning about the Bush administration's warrantless eavesdropping program, Mukasey said there may be occasions when the president's wartime powers would supersede legal requirements to obtain a warrant to conduct wiretaps.

Analysis: A New USAF Cyber Warfare Doctrine

Recent pronouncements by U.S. Air Force officials about their view of cyberspace as a war-fighting domain have attracted little attention. But the questions they raise for U.S. military policy and doctrine are profound.

“Cyber(space) is important to the nation,” said Gen. Robert Elder, the military officer in charge of the U.S. Air Force’s day-to-day cyberspace operations, acknowledging the dependence of U.S. commerce and banking on the Internet, “But to the Air Force, it’s really important.”

He told a recent briefing organized by the Air Force Association that cyberspace was vital because it was the key to the U.S. military’s fabled cross-domain dominance.

DOE Reveals Cyber Security Partners

The Energy Department today announced the five companies it has selected for negotiation of awards of as much as $7.9 million to develop and integrate cybersecurity devices into the electricity grid and energy infrastructure.

The companies will work on five projects designed to protect the nation’s energy infrastructure from cyberattacks and to modernize the electricity grid. The projects will integrate control systems, vast networks of interconnected electronic devices that help monitor and control the production and distribution of energy in the electric grid, and oil and gas infrastructure.

Quote of the Day [2]: Richard Stiennon

More: Russian Business Network

In case you haven't come across it before, here's an informative blog whose objective is to track events related to the Russian Business Network (RBN) and expose its nodes in between.

What is the RBN at the bottom line? A diversified set of IP blocks located in different parts of the world, which periodically appear within the deobfuscated javascripts of the sites that got IFRAME-ed and were found to serve malware by exploiting outdated browser vulnerabilities. What's more interesting to me than the "yet another popular site which got IFRAME-ed by the RBN's network" is the success of the popular malware exploitation kits using outdated and already patched vulnerabilities.

What use are patches when no one is applying them, and aren't unpatched vulnerabilities just as effective as zero day ones? Yes, they are.

Toon of the Day: Revisionist History, Take Two

Analysts: Chinese Search Engines 'Hijacked'

US Internet search engines in China were being hijacked and directed to Chinese-owned Baidu, analysts said Wednesday, speculating that this may be retaliation for the White House award to exiled Tibetan leader the Dalai Lama. Analysts at Search Engine Roundtable, a website focusing on Internet search, said Chinese users trying to search on Google, Yahoo and Microsoft websites were being directed to the Chinese search engine.

"It seems like China is fed up with the US, so as a way to fight back, they redirected virtually all search traffic from Google, Yahoo and Microsoft to Baidu, the Chinese based search engine," the analysts wrote.

The authors said it was not clear exactly how or why the searches were being redirected, but China is known for tightly controlling the Internet and using a variety of filters to screen out search results for issues relating to dissidents or the Tibetan spiritual leader.

NSA Can Eat Data Faster Than Anyone on The Planet

Northrop Grumman recently won a National Security Agency information management and data services contract, which will allow the agency to ingest data at a speed faster than any other entity that the company knows on the planet.

Kevin Henderson, chief systems engineer for the information management and data services project, declined to provide any speed benchmarks for me but said the system would outperform those used for high-energy physics computations, which does provide a good baseline to work from.

In 2005 a team from the Energy Department's Fermi National Accelerator Laboratory and Stanford Linear Accelerator Center transferred physics data at the rate of 150 gigabits per second, or the equivalent of downloading 130 DVD movies in one minute. The NSA system supposedly can work faster than that.

Security Theater: Most Fake Bombs Missed by Screeners

Security screeners at two of the nation's busiest airports failed to find fake bombs hidden on undercover agents posing as passengers in more than 60% of tests last year, according to a classified report obtained by USA TODAY.

Screeners at Los Angeles International Airport missed about 75% of simulated explosives and bomb parts that Transportation Security Administration testers hid under their clothes or in carry-on bags at checkpoints, the TSA report shows.

At Chicago O'Hare International Airport, screeners missed about 60% of hidden bomb materials that were packed in everyday carry-ons — including toiletry kits, briefcases and CD players. San Francisco International Airport screeners, who work for a private company instead of the TSA, missed about 20% of the bombs, the report shows. The TSA ran about 70 tests at Los Angeles, 75 at Chicago and 145 at San Francisco.

The report looks only at those three airports, using them as case studies to understand how well the rest of the U.S. screening system is working to stop terrorists from carrying bombs through checkpoints.

6 Hot Items On The Hacker's Holiday Shopping List

Malicious hackers and other assorted bad guys looking for new tools for plying their trade this upcoming holiday season will have plenty of toys and services to choose from.

Servicing them is a growing underground market bristling with botnets, Trojans, rootkits, spyware and all sorts of shady services aimed at everybody from the humble do-it-yourself hacker to sophisticated, organized criminal gangs.

"Just like there is a B2B marketplace, now there's a C2C -- criminal-to-criminal -- market," said Don Jackson, security researcher with Atlanta-based security vendor SecureWorks.

The Carrot & Stick Approach to Internet Pollution

Study after study shows that ISPs in the United States lead the way in providing connectivity to computers that are a major source of malicious activity online, from bot-infected, spam-spewing PCs to compromised computers acting as download sites for malicious software or hosts for phishing Web sites. While it is true that some network providers do a much better job than others in cleaning up problem sites and PCs that are part of their networks, in far too many cases problematic customers are allowed to pollute the Internet for weeks or even months at a time.

Experts say it often costs ISPs more to field a support call from a customer seeking help in cleaning up a virus-infected PC than the provider will make from that customer in an entire year. The result is that -- unless problematic customers are consuming way more than their share of Internet bandwidth -- network providers often find it more cost-effective to simply ignore problematic customers.

I'm not suggesting that taxing online access is the way to fix this problem. But perhaps the time has come for Congress to at least hold out the threat of more government involvement in this space as a means of encouraging Internet providers to do the right thing on security.

Senate Dems Reportedly Agree To Immunize Spying Telecoms

Democrats on the Senate Intelligence Committee will include retroactive legal protections for telecoms that helped with the government's secret surveillance programs after the administration handed over some of the legal documents about the program that the Congress has been asking for, according to the Washington Post.

The deal was worked out with the administration at the same time that House Republicans ran procedural circles around the majority party, which was forced to remove its FISA reform bill from the House calendar. The House had hoped to move in time to send a message to the Senate.

The deal reportedly would let the telecoms get out of the 50 or so suits pending against them for violating the nation's privacy laws, so long as they can show to a judge in secret that they were given a legal order to help the government.

Wednesday, October 17, 2007

U.S. Toll in Iraq

As of Wednesday, Oct. 17, 2007, at least 3,830 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 3,120 died as a result of hostile action, according to the military's numbers.

The AP count is six higher than the Defense Department's tally, last updated Wednesday at 10 a.m. EDT.

EFF Files Suit Against Director of National Intelligence

The Electronic Frontier Foundation (EFF) filed suit against the Office of the Director of National Intelligence (ODNI) today, demanding any information about telecommunications companies' efforts to get off the hook for their role in the government's illegal electronic surveillance of millions of ordinary Americans.

Congress is currently considering granting amnesty to the telecoms -- a blatant attempt to derail lawsuits aimed at holding the companies responsible for knowingly violating federal privacy laws with warrantless wiretapping and the illegal transfer of vast amounts of personal data to the government. EFF represents the plaintiffs in Hepting v. AT&T, one of dozens of class-action suits accusing the telecoms of violating customers' rights by illegally assisting the National Security Agency with this domestic surveillance.

Will Cyber Intrusions Crash U.S. Electrical Grid?

Some critics of the U.S. government's cybersecurity efforts might argue that nothing short of a bomb going off--or, well, purported Chinese cyberattacks on feds' machines--will land the issue more notice.

This time around, the wake-up call for politicians was, indeed, an explosion: In September, U.S. Homeland Security officials revealed that researchers at the Idaho National Laboratory had managed to destroy a small electrical generator through a simulated cyberattack. A few weeks ago, CNN aired a gloom-and-doom segment featuring snips from the once-classified video showing the device going up in smoke.

Although the prospect of that sort of incident causing massive disruption to the U.S. electrical grid has been around for years, the success of the experimental hack is drawing new calls from Congress for tougher federal security standards on the computer systems that control the nation's power systems.

GPS Jamming in Iraq: 'We Have Met The Enemy...'

U.S. and coalition forces are the single largest source of jamming of Global Positioning System (GPS) receivers in Iraq, according to a co-inventor of the system.

As much as 85 percent of the jamming of GPS receivers in Iraq was caused by U.S. and coalition forces, according to GPS co-inventor Bradford Parkinson with Stanford University, and Martin Faga, former president and CEO of MITRE Corp. and a former director of the National Reconnaissance Office. Parkinson and Faga reported their findings in a briefing given this month to the multi-agency National Space Based Positioning, Timing and Navigation Meeting.

The origins of the GPS jamming were traced by personnel from the 14th Air Force, which provides space support to operational missions, but the 14th Air Force did not identify which U.S. or coalition systems had inadvertently jammed GPS receivers.

Expert Calls Apple's iPhone 'Perfect Spying Device'

Hackers intent on unlocking Apple's iPhone for use with carriers other than AT&T -- and for using third-party applications -- exploited a bug in the device's handling of TIFF images. But that same bug can be used for far more nefarious exploits, renowned hacker HD Moore reported on his Web site, Metasploit.

Moore posted to the site an exploit that would allow a hacker to insert malicious code onto someone's iPhone to access the device's data. Because the flawed TIFF library is used by the iPhone's Web browser, e-mail program, and iTunes software -- and because all of those programs run as root processes -- one of the iPhone's undocumented "features" is a gaping security hole.

UK: Police to be Assessed on e-Crime Response

Electronic crime is to be included for the first time in the criteria by which local police forces are assessed.

From this week, HM Inspectorate of Constabulary (HMIC) will examine whether forces have investigated the problem of computer-based criminal activity and what reporting structures are in place to focus on it.

The changes are a major step forward and will help establish a co-ordinated national response, according to Sue Wilkinson, the Association of Chief Police Officers (Acpo) lead on e-crime.

Sex, Nazi, Burritos, Viagra: Who Googles What?

Internet users in Egypt, India and Turkey are the world's most frequent searchers for Web sites using the keyword "sex" on Google search engines, according to statistics provided by Google Inc.

Germany, Mexico and Austria were the world's top three searchers of the word "Hitler" while "Nazi" scored the most hits in Chile, Australia and the United Kingdom, data from 2004 to the present retrievable on the "Google Trends" Web site showed.

Chile also came in first place searching for the word "gay", followed by Mexico and Colombia.

Tuesday, October 16, 2007

Image of the Day: Zombie Guts Cereal

U.S. Toll in Iraq

As of Tuesday, Oct. 16, 2007, at least 3,828 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 3,120 died as a result of hostile action, according to the military's numbers.

The AP count is four higher than the Defense Department's tally, last updated Tuesday at 10 a.m. EDT.

xkcd: Scary Crisco Theorem

Off Beat: Man Charged with Hacking into 911 System

SWAT officers expecting to find a murder victim and an armed suspect surrounded the home of an unsuspecting couple but found they were part of what authorities are calling a prank caused by a teenager who hacked into the county's emergency response system.

Randall Ellis, a 19-year-old from Mukilteo, Wash., is expected to appear in an Orange County courtroom Monday to face charges of computer access and fraud, false imprisonment by violence, falsely reporting a crime and assault with an assault weapon by proxy.

"It's not a prank," said Farrah Emami, spokeswoman for the Orange County District Attorney's Office. "People's lives were in danger."

Authorities believe Ellis hacked into the county's 911 system on March 29 from his home in Mukilteo at 11:30 p.m.

Ellis allegedly randomly selected the name and address of a Lake Forest couple and electronically transferred false information into the 911 system, Emami said.

Local Value Proposition: MPack and IcePack Now Localized to Chinese

It is logical to consider the possibility that once a malware author starts evaluating the benefits out of releasing a malware in an open source form, malware exploitation kits can also build communities around them.

Since August, 2007, Chinese hacking groups can freely enjoy "the benefits" of IcePack's and MPack's malicious economies of scale attacking approach in the combination of a brain-damaging Keep It Simple Stupid exploitation tactic in the form of serving exploit URLs, which get automatically embedded via a web application bug, or via automated remote file inclusion enabled web site.

Cisco Offices Raided, Executives Arrested in Brazil

Senior executives of Cisco were reportedly arrested in Brazil this week in a tax fraud investigation of the company.

Citing information from police and tax authorities, Reuters reported that Cisco's Brazilian unit had imported $500 million worth of telecommunications and network equipment over the last five years without properly paying import duties. In all, the company owes an estimated $826.4 million in taxes, fines and interest, Reuters reported.

Yahoo Executive Accused of Lying to Congress

A Yahoo Inc. executive was accused Tuesday of giving false testimony to Congress last year regarding the company's role in the arrest of a Chinese journalist. A House committee wants Yahoo CEO Jerry Yang and general counsel Michael Callahan to clarify at a Nov. 6 hearing the allegedly untruthful testimony Callahan gave Congress in February 2006. "We want to clarify how that happened, and to hold the company to account for its actions both before and after its testimony proved untrue," Rep. Tom Lantos, D-Calif., chairman of the House Foreign Affairs Committee, said in a press release. "And we want to examine what steps the company has taken since then to protect the privacy rights of its users in China."

Porn Typosquatter Fined Again By FTC

A so-called typosquatter who served pornographic advertisements on domains such as Bobthebiulder.com and teltubbies.com has been fined again by the U.S. Federal Trade Commission.

John Zuccarini has agreed to give up $164,000 in typosquatting revenue he is alleged to have raked in, the FTC said Tuesday in a statement. Five years ago, a federal court had barred Zuccarini from registering domains that are misspellings of legitimate brands, a practice called typosquatting, but he ignored the order, according to Carolyn Hann, a staff attorney with the FTC.

"He was engaging in practices that violated certain provisions of the order," Hann said. "He had certain domain names that were transpositions or misspellings of popular domain names."

National Freedom of Speech Week: October 15 - 21, 2007

Quote of the Day: John Bambeneck

"They're about as misunderstood as a senator soliciting sexual favors in an airport bathroom. When most of the world's cyber-miscreants are paying 10 times more for hosting on your network, you don't attract the business by accident."

Northrop Grumman Wins $220M NSA Storage Deal

Northrop Grumman Corp. is leading a team of government contractors on a new $220 million Defense Department contract to develop an advanced information management and data storage system that will upgrade the nation’s electronic intelligence and broaden signals intelligence capabilities at the National Security Agency.

Under the 51-month Information Management and Storage development contract, Northrop Grumman will provide architecture design, systems engineering, system development, integration and test and deployment activities.

Technologists Warn of Security Risks in Warrantless Wiretapping

Six of the nation's leading computer scientists warned in a report [.pdf] dated today that surveillance programs involving large-scale sifting of communications could jeopardize the security of communications networks.

Specifically addressing the Protect America Act, the experts called for cautious design of surveillance systems, strict minimization procedures, and independent review of implementation.

RBN and Bulletproof Hosting

Several previous blog entries have described various forms of web-based attacks. In most cases, the attack involves compromising a large number of web servers in order that the sites they host are turned into drive-by download sites. When victims browse these compromised sites, additional malicious content is silently loaded from some remote server (the attack site).

Whilst looking through some of the data collected from the web threat analysis system in the lab over the last few weeks, I noticed that a number of the remote attack sites were in the same address range. Digging further, it quickly became apparent that the attack sites were using hosting services provided by the Russian Business Network (RBN). The RBN provide web hosting and other services much like any other ISP. Unlike other ISPs however, the RBN is reported to be used almost solely by cybercriminals for illegal purposes. Illegal activities such as phishing, botnet C&C, spam, DoS attacks and malware hosting have all been traced to RBN-hosted servers.

Monday, October 15, 2007

U.S. Toll in Iraq

As of Monday, Oct. 15, 2007, at least 3,828 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 3,116 died as a result of hostile action, according to the military's numbers.

The AP count is nine higher than the Defense Department's tally, last updated Monday at 10 a.m. EDT.

Verizon Says It Turned Over Data Without Court Orders

Verizon Communications, the nation's second-largest telecom company, told congressional investigators that it has provided customers' telephone records to federal authorities in emergency cases without court orders hundreds of times since 2005.

The company said it does not determine the requests' legality or necessity because to do so would slow efforts to save lives in criminal investigations.

In an Oct. 12 letter replying to Democratic lawmakers, Verizon offered a rare glimpse into the way telecommunications companies cooperate with government requests for information on U.S. citizens.

Verizon also disclosed that the FBI, using administrative subpoenas, sought information identifying not just a person making a call, but all the people that customer called, as well as the people those people called. Verizon does not keep data on this "two-generation community of interest" for customers, but the request highlights the broad reach of the government's quest for data.

AC/DC Wins Domain Name From Porn Business

For the headbangers amongst us, acdc.com is no longer a porn site, but is now a website for the great heavy rockers. “ACDC.com is now serving its proper master and we assure you that the dirty deeds being done dirt cheap will now be of an entirely different variety,” the band stated.

The band found that with a lot of their fans, especially kids, typing in acdc.com as a default to find the band’s website, that something had to be done.

Top U.S. Spy Asked to Explain Pre-9/11 Spying Allegations

House Judiciary Chairman John Conyers is asking the Justice Department and the head of national intelligence to answer startling allegations that the National Security Agency's still-unconfirmed call records data mining program started 7 months before the terrorist attacks of 9/11 and that the government retaliated against a telecom for saying it thought a request to participate was illegal.

As first reported here on THREAT LEVEL and then followed up on (sans credit) by the Washington Post and the New York Times, court documents unveiled last week show that former Qwest CEO Joseph Nacchio tried, unsuccessfully, to raise allegations in court that he refused an NSA request for help from his telecom on February 27, 2001, nearly 7 months prior to 9/11.

Speaking to the Western press for the first time, a Russia-based web-hosting firm pilloried by security companies as a free zone for online crime insists that it's really just misunderstood.

"We can't understand on which basis these organizations have such an opinion about our company," Tim Jaret of the Russian Business Network says in an e-mail interview. "We can say that this is subjective opinion based on these organizations' guesswork." Jaret's e-mail signature identifies him as working in RBN's abuse department.

Security researchers and anti-spam groups say the St. Petersburg-based RBN caters to the worst of the internet's scammers, renting them servers used for phishing and malware attacks, all the while enjoying the protection of Russian government officials. A report by VeriSign called the business "entirely illegal."

"They just figured out that in Russia no one will prosecute them, or if they do, they can pay them off," says Johannes Ullrich, chief technology officer of the SANS Internet Storm Center. Ullrich says RBN maintains a veneer of legitimacy by paying lip service to abuse complaints, but nothing more.

Verizon, Qwest and AT&T each responded in their own special ways to a request from a key Congressional committee about how they respond to government requests for information in letters made public on Monday.

Qwest's brief answer to the House Energy and Commerce Committee said the company -- the only one known to have refused a request from the NSA for cooperation without a court order -- is extremely rigorous in reviewing complicated requests. But the company declined to answer questions about that request, saying it was caught in the crossfire of a lawsuit filed by the federal government against New Jersey's Attorney General, who is seeking answers on how telecoms cooperated with the administration's secret spying programs.

Instead, AT&T's general counsel Wayne Watts wrote a 13-page plea for immunity from lawsuits, laying the blame for any unlawful transfer of customer communication records on the government and calling the lawsuits "exceptionally unfair."

UPDATE: 17:39 PDT: Reuters reports that "Major U.S. telephone carriers refused to answer questions from the Democratic-led Congress about their possible participation in President George W. Bush's warrantless domestic spying program, according to documents released by lawmakers on Monday."

Business Software Alliance Calls for New Cyber Security Legislation

Members of the Business Software Alliance (BSA) have called on the U.S. Congress to pass legislation that would address new types of cybercrimes and increase funding for law enforcement.

Members of the BSA, a trade group based in Washington, D.C., on Monday asked Congress to pass the Cyber-Security Enhancement Act, which would expand the computer crimes statute in federal law to include the stealing of access codes or electronic identifiers from a computer. The bill would also make it a crime to access a computer without authorization, even if the access does not cause damage, and it would define a new crime of conspiracy to commit cybercrime.

Classified Satellite Failure Led To Latest SBIRS Delay

The loss of a classified satellite after only 7 seconds on orbit prompted the review of software and processors that has caused the most recent delay and a potential $1 billion overrun in Lockheed Martin's Space-Based Infrared System (SBIRS), says Gary Payton, deputy under secretary of the Air Force for space programs.

The classified satellite went into a "safe hold" mode, which is initiated when a major anomaly disrupts its operation, and the failure of the safe-hold software made it impossible for ground control to recover the spacecraft. Payton refers to it as a useless "ice cube."

Implementing Domestic Intelligence Surveillance

Upon lawful request and for a thousand dollars, Comcast, one of the nation's leading telecommunications companies, will intercept its customers' communications under the Foreign Intelligence Surveillance Act.

The cost for performing any FISA surveillance "requiring deployment of an intercept device" is $1,000.00 for the "initial start-up fee (including the first month of intercept service)," according to a newly disclosed Comcast Handbook for Law Enforcement.

Thereafter, the surveillance fee goes down to "$750.00 per month for each subsequent month in which the original [FISA] order or any extensions of the original order are active."

With respect to surveillance policy, the Comcast manual hews closely to the letter of the law, as one would hope and expect.

U.S. Plan for Airline Security Meets Resistance in Canada

Canadian airlines are balking at a Department of Homeland Security plan that would require them to turn over information about passengers flying over the United States to reach another country.

The proposal, which appears at odds with Canada’s privacy laws, would mostly involve Canadians who join the annual winter exodus to Mexico, Cuba and the Caribbean. It is also viewed by the Canadian airline industry as a rejection of several costly measures already taken to assuage American concerns.

Segmenting the Storm Botnet

The latest Storm variants have a new twist. They now use a 40-byte key to encrypt their Overnet P2P traffic. This means that each node will only be able to communicate with nodes that use the same key.

This effectively allows the Storm author to segment the Storm botnet into smaller networks. This could be a precursor to selling Storm to other spammers, as an end-to-end spam botnet system, complete with fast-flux DNS and hosting capabilities.

SWIFT Will Stop Some U.S. Processing in 2009

SWIFT has been heavily criticised for allowing US authorities access to records of banking transactions involving European citizens. It was revealed by The New York Times last year that US intelligence agencies were allowed to view Europeans' transactions.

SWIFT argued that it was obliged to comply with US orders because it carried out hosting and processing of information in the US. European data protection officials have condemned the release of the information. European, Swiss and Belgian data protection authorities all ruled that SWIFT had broken data protection laws in supplying the information without informing bank customers of the US surveillance.

Europe's advisory committee of privacy watchdogs, the Article 29 Working Party, has revealed that SWIFT is being reorganised to lessen the risk of surveillance, but not until 2009.

Iraq: When All Else Fails, Declare Victory?

The U.S. military believes it has dealt devastating and perhaps irreversible blows to al-Qaeda in Iraq in recent months, leading some generals to advocate a declaration of victory over the group, which the Bush administration has long described as the most lethal U.S. adversary in Iraq.

But as the White House and its military commanders plan the next phase of the war, other officials have cautioned against taking what they see as a premature step that could create strategic and political difficulties for the United States. Such a declaration could fuel criticism that the Iraq conflict has become a civil war in which U.S. combat forces should not be involved. At the same time, the intelligence community, and some in the military itself, worry about underestimating an enemy that has shown great resilience in the past.

Sunday, October 14, 2007

Ironic Image of the Day: Sure, You're Free Now, But...

U.S. Toll in Iraq

As of Sunday, Oct. 14, 2007, at least 3,828 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 3,115 died as a result of hostile action, according to the military's numbers.

The AP count is 10 higher than the Defense Department's tally, last updated Friday at 10 a.m. EDT.

Mukasey Acknowledges Legal Questions of White House Terror Policy

As the chief federal trial judge in Manhattan, Michael Mukasey approved secret warrants allowing government roundups of Muslims in the days after the Sept. 11 attacks.

Six years later, the man President Bush wants to be attorney general acknowledged that the law authorizing those warrants “has its perils” in terrorism cases and urged Congress to “fix a strained and mismatched legal system.”

Two Are Sentenced to 5 Years in Pornographic Spam Case

Two men who sent millions of unsolicited pornographic e-mail messages have been sentenced to more than five years in federal prison as part of a prosecution under a federal antispam law, officials from the Department of Justice said Friday.

The men, Jeffrey A. Kilbride of Venice, Calif., and James R. Schaffer of Paradise Valley, Ariz., bought lists of e-mail addresses and sent the owners of those addresses links to pornographic Web sites, prosecutors said.

They were convicted in June of charges including conspiracy, money laundering, fraud and transportation of obscene materials after a three-week trial and were sentenced by a federal judge in Phoenix this week.

Hundreds of New Documents Reveal Expanded Military Role in Domestic Surveillance

New documents uncovered as a result of an American Civil Liberties Union and New York Civil Liberties Union lawsuit reveal that the Department of Defense secretly issued hundreds of national security letters (NSLs) to obtain private and sensitive records of people within the United States without court approval.

A comprehensive analysis of 455 NSLs issued after 9/11 shows that the Defense Department seems to have collaborated with the FBI to circumvent the law, may have overstepped its legal authority to obtain financial and credit records, provided misleading information to Congress, and silenced NSL recipients from speaking out about the records requests, according to the ACLU.